1 files changed, 41 insertions, 0 deletions

diff --git a/gnu/packages/patches/icecat-CVE-2015-4491.patch b/gnu/packages/patches/icecat-CVE-2015-4491.patch
new file mode 100644
index 0000000000..c16885cfc7
--- /dev/null
+++ b/gnu/packages/patches/icecat-CVE-2015-4491.patch
@@ -0,0 +1,41 @@
+From c154557bc0aa7e310824717f3e829dd82e6726e4 Mon Sep 17 00:00:00 2001
+From: Lee Salzman <lsalzman@mozilla.com>
+Date: Tue, 21 Jul 2015 13:16:44 -0400
+Subject: [PATCH] Bug 1184009 - Limit image preview sizes. r=acomminos,
+ a=lmandel
+
+--HG--
+extra : transplant_source : %9B%86%13%60%B2%97%F1%8Fb%CB%9C%8D%FBWo%C9%EBPs1
+---
+ widget/gtk/nsFilePicker.cpp | 13 ++++++++-----
+ 1 file changed, 8 insertions(+), 5 deletions(-)
+
+diff --git a/widget/gtk/nsFilePicker.cpp b/widget/gtk/nsFilePicker.cpp
+index 0b5a8dc..3c0d543 100644
+--- a/widget/gtk/nsFilePicker.cpp
++++ b/widget/gtk/nsFilePicker.cpp
+@@ -101,13 +101,16 @@ UpdateFilePreviewWidget(GtkFileChooser *file_chooser,
+     return;
+   }
+ 
+-  GdkPixbuf *preview_pixbuf;
++  GdkPixbuf *preview_pixbuf = nullptr;
+   // Only scale down images that are too big
+   if (preview_width > MAX_PREVIEW_SIZE || preview_height > MAX_PREVIEW_SIZE) {
+-    preview_pixbuf = gdk_pixbuf_new_from_file_at_size(image_filename,
+-                                                      MAX_PREVIEW_SIZE,
+-                                                      MAX_PREVIEW_SIZE,
+-                                                      nullptr);
++    if (ceil(preview_width / double(MAX_PREVIEW_SIZE) + 1.0) *
++          ceil(preview_height / double(MAX_PREVIEW_SIZE) + 1.0) < 0x7FFFFF) {
++      preview_pixbuf = gdk_pixbuf_new_from_file_at_size(image_filename,
++                                                        MAX_PREVIEW_SIZE,
++                                                        MAX_PREVIEW_SIZE,
++                                                        nullptr);
++    }
+   }
+   else {
+     preview_pixbuf = gdk_pixbuf_new_from_file(image_filename, nullptr);
+-- 
+2.4.3
+